This law gave the government the power to do just that. Details of implementing a backdoor in secret is close to impossible, as any developer would know. There was a post[1] made by "Alfie John" (alfiedotwtf) that outlines a scenario in which a developer is presented with a Technical Capability Notice (TCN).

> I do not expect you can have an extra-territorial obligation placed on your work conducted outside Australia. If you are working inside australia remotely I think its complex.

Australian citizens, regardless of their location are obliged to comply with these requests.

If you are presented with a TAR, TAN or TCN, you have the option to seek legal council in private or risk fines of up to AUD$7.3 million.

You risk imprisonment if you reveal details about the notice to anyone other than those who are included in the notice or to seek legal council (this is an exception within the law).

[1] https://twitter.com/alfiedotwtf/status/1070047303275175936

Extra-territorial law application is very complex. KP is one of the few places where you can routinely expect to be prosecuted in Australia for breaches overseas. or FGM. Or, more recently the war in Syria but bear with me: do you not also recognize that there is a huge reluctance to try and enforce the law in that last regard? because it turns out simply being somewhere is not neccessarily a good basis to declare you broke the law, noting that few if any of the people seeking to come home took up arms, and specifically took up arms against Australia or her allies.

They also have to serve the request on you. Simply issuing it doesn't make it binding surely? You have to be formally notified.

Lastly, since you can reveal it to your lawyer, I would argue that it implies they believe it could be mis-applied, or you can have a case in law to contest its applicability.

And, included in the notice begs the question: do we have any indication aside from hypothetically speaking, that a TAR/TAN/TCN has or can be drafted which doesn't include the employer and IPR holder in the notice?

To be honest, what you have written doesn't seem to be related and/or your point is lost. However, I will try to underline my comment with the following:

If you are issued with a TAR, TAN or TCN and you reside overseas you must comply or face extradition under an extradition treaty - unless you are fortunate enough to reside in a country that does not have an extradition treaty with Australia and that country is unlikely to make deals in secret with the Australian Government. Or, you are fortunate enough to have a secondary citizenship and subsequently renounce your Australian citizenship.

> They also have to serve the request on you. Simply issuing it doesn't make it binding surely? You have to be formally notified.

If you are issued this notice, you are able to refuse under 317ZB and incur 238 penalty units or $49,980 as an individual, or 47,619 penalty units or $9,999,990 as a corporate body. There is no limit to the number of subsequent notices that are able to be issued of the same nature. In reality this means, if it is important enough, the government will continue to issue notices until you comply.

> do we have any indication aside from hypothetically speaking, that a TAR/TAN/TCN has or can be drafted which doesn't include the employer and IPR holder in the notice?

The law stipulates that a person is considered to be a "designated communications provider" under 317C.

See also, all relevant sections detailing: "an employee of a designated communications provider" and "an employee of a contracted service provider of a designated communications provider".

317ZF dictates that disclosure outside of seeking legal council incurs a penalty of 5 years imprisonment.

I'm not sure where you received your information from, but most of what you have said is contradictory to the law that was passed. Have you read the Assistance and Access Bill?

Don't get me wrong, it is terribly done legislation, but there is no chance it would work against someone overseas, even after they return. You'd only be in trouble if you were in Australia when served with a notice, went to the US and told the internet, and then came home.

I can't believe the law officer of the land permitted a bill to be drafted which requires this kind of behaviour because it feels like even resigning from your employer would be a breach of the act, since you cannot disclose you have been served with a notice in resigning. But, if you deliberately insert or attempt to insert subverting code, you are implicitly undermining the integrity of your employers code.

I repeat what I said before: This feels like a legal minefield which a competent defense could drive a tank through. Just because it passed the chambers doesn't make it right, we have the kind of system which permits the high court to overturn manifestly unjust law.

Not to implicitly believe everything said in defence of this bill could you comment on:

https://www.homeaffairs.gov.au/about-us/our-portfolios/natio...

in particular this bit:

This law can compel employees to work in secret without the knowledge of their organisation

Media reporting that has proposed this scenario is incorrect and misleading. The industry assistance framework is concerned with getting help from companies not people acting in their capacity as an employee of a company. Requests for assistance will be served on the corporate entity itself in line with the deeming service provisions in section 317ZL. A notice may be served on an individual if that individual is a sole-trader and their own corporate entity.

A company issued a notice can disclose information about it under paragraph 317ZF(3)(a) in connection with the administration or execution of that notice. This allows an employer to disclose information to their employee and vice versa in the normal course of their duty.

Additionally, a company may disclose statistical information about the fact that they have received a notice consistent with subsection 317ZF(13). Further, companies and their specified personnel may disclose notice information for the purposes of legal proceedings, in accordance with any requirements of law or for the purpose of obtaining legal advice. The notices themselves are therefore not ‘secret’ but information about their substance is controlled to protect sensitive operational and commercial information.

The same page says this:

Penalties for individuals in the legislation are for the purpose of potential enforcement proceedings against sole-traders and individuals acting as businesses.

Which means by intent (but possibly not in words in the act) the idea was not to exclude telling your employer: the point is that sole traders and individuals can be compelled the same way companies can.

Which I read, probably hopelessly optimistically, as that a requirement would almost never be placed on you, and not simultaneously on your employer: They know you are being asked to modify the code. The chance of being unable to "disclose" to your employer here feels quite limited.

so This law gave the government the power to do just that. Is in my non-lawyer opinion, HIGHLY contestable. I would expect somebody like Atlassian to do just that: take it up to them, pony up, and contest the legality of this.

An employee has liabilities for things done to their employers code which causes material harm. I think the canary in the mine would be huge here: resign, do not cause your employers product to be backdoored, you cannot be obligated to introduce bugs.

Let’s say I work at a place that requires mandatory peer code review. I won’t be able to slip something by my (non Australian) reviewer. Surely I could reasonably argue that the government’s request to insert a backdoor without telling anyone is impossible to comply with. How would the government be able to verify my claim that that’s the case?